Nayaka is committed to being compliant with all applicable data protection laws. This document provides an overview of data protection at Nayaka and how it applies exclusively to resale engagements we have with our customers Data Protection Registration Nayaka is registered with the Information Commissioner’s Office (ICO registration: ZB419818). We are committed to operating in compliance with all applicable data protection laws, including the Data Protection Act 2018 (DPA) and the requirements of the General Data Protection Regulation. Personal Information Held For all individuals Nayaka will only hold limited personal data: name, job role, business email and telephone numbers. Nayaka is the data controller of this information and will respect data subjects’ rights under the GDPR, such as requesting the personal data we hold or being removed from our systems. Data exchange with most customers is limited to email and telephone conversations; we do not record telephone calls or share private emails outside the scope of users and subjects concerned. Our Approach to Data Protection As a small operation, we have only recently introduced bi-annual reviews of our data protection compliance but this also affords Nayaka greater simplicity when managing user access to shared personal data stores. Software License Resale Nayaka exclusively resells software licenses and consultancy services. When Nayaka places an order onto a supplier we supply them with the limited amount of personal information required to fulfil that order. Typically this is limited to the name, email address and phone number of a license to contact. Nayaka
processes this information as a controller. The suppliers then becomes the data controller of this information and may use it to contact individuals outside of Nayaka’s control such as sharing product information, marketing, providing support and renewals. Alternative Contacts If you have any specific questions relating to data protection please either contact Nayaka’s managing director and data protection officer, Rowan Sinclair ([email protected]) or finance director, Melani Carreno Arispe ([email protected]).
Information Security Policy
1. Purpose The purpose of this Policy is to safeguard information belonging to Nayaka Limited and its staff, third parties and customers within a secure environment. This Policy informs Nayaka’s staff of the principles governing the holding, use and disposal of information. It is the goal of Nayaka that: ● Information will be protected against unauthorised access or misuse. ● Confidentiality of information will be secured. ● Integrity of information will be maintained. ● Availability of information / information systems is maintained for service delivery. ● Business continuity planning processes will be maintained. ● Regulatory, contractual and legal requirements will be complied with. ● Physical, logical, environmental and communications security will be maintained. ● Infringement of this Policy may result in disciplinary action or criminal prosecution. ● When information is no longer of use, it is disposed of in a suitable manner. ● All information security incidents will be reported to the Data Protection Officer, and investigated through the appropriate management channel.
Information relates to: ● Electronic information systems (software, computers, and peripherals) owned or leased by Nayaka Limited. ● Hardware, software and data owned or leased by Nayaka Limited. ● Paper-based materials. ● Electronic recording devices or applications (principally video and audio).
2. The Policy Nayaka requires all users to exercise a duty of care in relation to the operation and use of its information systems. 2.1 Authorised users of information systems With the exception of information published for public consumption, all users of Nayaka’s information systems must be formally and exclusively authorised by appointment as a member of staff by a director of the company. Authorised users will be in possession of a unique user identity. Any password associated with a user identity must not be disclosed to any other person and must be changed on a quarterly basis. Authorised users will pay due care and attention to protect Nayaka’s information in their personal possession. Confidential, personal or private information must not be copied or transported without consideration of: ● permission of the information owner ● the risks associated with loss or falling into the wrong hands ● how the information will be secured during transport and at its destination.
2.2 Acceptable use of information systems Use of Nayaka’s information systems by authorised users will be lawful, honest and decent and shall have regard to the rights and sensitivities of other people. 2.3 Information System Owners Directors who are responsible for information systems are required to ensure that: 1. Systems are adequately protected from unauthorised access. 2. Systems are secured against theft and damage to a level that is cost-effective. 3. Adequate steps are taken to ensure the availability of the information system, commensurate with its importance (Business Continuity). 4. Electronic data can be recovered in the event of loss of the primary source. I.e. failure or loss of a computer system. It is incumbent on all system owners to backup data and to be able to restore data to a level commensurate with its importance (Disaster Recovery). 5. Data is maintained with a high degree of accuracy.
6. Systems are used for their intended purpose and that procedures are in place to rectify discovered or notified misuse. 7. Any electronic access logs are only retained for a justifiable period to ensure compliance with the data protection, investigatory powers and freedom of information acts. 8. Any third parties entrusted with Nayaka’s data understand their responsibilities with respect to maintaining its security.
2.4 Personal Information Authorised users of information systems are not given rights of privacy in relation to their use of Nayaka’s information systems. Duly authorised officers of Nayaka may access or monitor personal data contained in any Nayaka information system (mailboxes, web access logs, file-store etc). 2.5 Individuals in breach of this policy are subject to disciplinary procedures at the instigation of the directors with responsibility for the relevant information system, including referral to the Police where appropriate. Nayaka will take legal action to ensure that its information systems are not used by unauthorised persons. 3. Ownership 3.1 The Data Protection Officer has direct responsibility for maintaining this policy and providing guidance and advice on its implementation. Information system owners are responsible for the implementation of this Policy within their area, and to ensure adherence.
Alternative Contacts If you have any specific questions relating to information security please either contact Nayaka’s managing director and data protection officer, Rowan Sinclair ([email protected]) or finance director, Melani Carreno Arispe ([email protected]).
